Make sure your environment meets the following requirements prior to installing the DataPower Operations Dashboard Cloud Agent Operator and deploying the Custom Resources.
Container Environment
The DataPower Operations Dashboard Cloud Agent Operator supports the following platforms:
OpenShift Container Platform (OCP) 4.10, 4.12
Operator Lifecycle Manager (OLM) installed
IBM DataPower Gateway operator v1.6.0+
Network Requirements
Firewall Requirements for Cloud Agent
Resource Requirements
Component | CPU | Memory |
---|---|---|
Operator | 500m (limit: 2) | 512Mi (limit: 2Gi) |
Cloud Agent Messaging - | 500m (limit: 2) | 4Gi |
Cloud Agent Manager - | 500m | 1526Mi |
Cloud Agent Manager - | 200m | 512Mi |
Cloud Agent Syslog Ingester - | 500m (limit: 2) | 2Gi |
Total | 2.2 (limit: 6.7) | 8.5Gi (limit: 10Gi) |
Storage Requirements
A block storage class that provides ReadWriteOnce (RWO) access mode and 10 IOPS (Input-Output Operations per second) that is at least 50 GB, for storing the collected data.
Cluster-scope Permissions
The DataPower Operations Dashboard Cloud Agent Operator requires the following cluster-scope permissions. These are brought in by ClusterRoles and bound to the operator's and the manager’s ServiceAccounts via ClusterRoleBindings.
API Groups | Resources | Verbs | Description |
---|---|---|---|
console.openshift.io | consoleyamlsamples | create, get, update, delete | Permissions needed to customize OCP web console YAML samples |
storage.k8s.io | storageclasses | get, list | Permissions needed to list storage |
apiextensions.k8s.io | customresourcedefinitions | get, list | Permissions needed to list CustomResourceDefinitions |
integration.ibm.com | dpodcloudagents, dpodcloudagents/status | create, delete, get, list, patch, update, watch | Permissions needed for management of owned CustomResourceDefinitions |
rbac.authorization.k8s.io | clusterroles, roles, rolebindings | create, delete, get, list, patch, update, watch | Permissions needed for management of roles |
'' (none) | pods, services | get, list, watch | Permissions needed to list pods and services |
datapower.ibm.com | datapowerservices, datapowerservicebindings | get, list, watch | Permissions needed to list DataPower service |
'' (none) | namespaces | get, list, watch | Permissions needed to list namespaces |
'' (none) | pods, services, persistentvolumeclaims, configmaps, secrets, serviceaccounts | create, delete, get, list, patch, update, watch | Permissions needed for management of cloud agent components |
apps | deployments, statefulsets | create, delete, get, list, patch, update, watch | Permissions needed for management of cloud agent workloads |
route.openshift.io | routes, routes/custom-host | create, delete, get, list, patch, update, watch | Permissions needed for management of routes |
events.k8s.io | events | create | Permissions needed for creating of events |
coordination.k8s.io | leases | create, delete, get, list, patch, update, watch | Permissions needed for management of leases |
'' (none) | services, pods | get, list, watch | Permissions needed to list services and pods |